Working with SAML
To use SAML with Shares, you must already have an identity provider (IdP) that meets the following requirements:
Tag | Format |
---|---|
NameID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
Entity ID | https://shares_ip/auth/saml/metadata/ |
Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
Callback URL | https://shares_ip/auth/saml/callback |
If the IdP is capable of reading SAML XML metadata for a service provider, you can upload a saved XML metadata file to configure the IdP. You can retrieve the XML metadata for an existing Shares instance by going to https://server_ip/auth/saml/metadata and saving the XML as an XML file.
Shares expects the assertion from an IdP to contain the following elements:
Default Attribute | Shares User Field | Required |
---|---|---|
NameID / SAML_SUBJECT / id | Username | Yes, with the format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
(attribute name not shown) | Email address | Yes |
given_name | First name | Yes |
surname | Last name | Optional |
member_of | SAML group | Necessary for SAML groups |
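As an added example, not from the Shares documentation, the Python check below parses an IdP assertion and reports what Shares would reject: a NameID that does not use the unspecified format, or a missing email or given_name attribute. The attribute name `email` is an assumption (the table above does not show it), and the sample assertion is constructed, not captured from a real IdP.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
# Attribute names from the "Default Attribute" column above; "email" is an
# assumed name, because the table does not show the attribute for that row.
REQUIRED = {"email": "Email address", "given_name": "First name"}

def find_assertion(xml_text):
    """Accept a bare saml:Assertion or a Response element that wraps one."""
    root = ET.fromstring(xml_text)
    return root if root.tag == "{%s}Assertion" % NS["saml"] else root.find("saml:Assertion", NS)

def attribute_values(assertion):
    """Map each saml:Attribute Name to its list of AttributeValue strings."""
    values = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values[attr.get("Name")] = [
            (v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
    return values

def check_assertion(xml_text):
    """Return mismatches against the Shares requirements (content only: the SP
    library must already have verified the XML signature). Empty list means OK."""
    assertion = find_assertion(xml_text)
    if assertion is None:
        return ["no saml:Assertion element found"]
    problems = []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("Subject/NameID missing or empty (needed for Username)")
    elif name_id.get("Format") != NAMEID_FORMAT:
        problems.append("NameID Format is %r, expected %s" % (name_id.get("Format"), NAMEID_FORMAT))
    attrs = attribute_values(assertion)
    for name, field in REQUIRED.items():
        if not any(attrs.get(name, [])):
            problems.append("required attribute %s (%s) missing or empty" % (name, field))
    return problems

# Constructed sample (not captured from a real IdP), shaped to pass every check.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c1" Version="2.0">
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="given_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="member_of"><saml:AttributeValue>shares-admins</saml:AttributeValue><saml:AttributeValue>finance</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
```

Run it against an assertion captured from your own IdP test login to see which of the rows above your IdP does not yet satisfy; `attribute_values(find_assertion(xml))["member_of"]` gives the group list Shares would map.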